On 10/18/2011 2:18 PM, Bruce Stephens wrote:
Jakob Bohm<jb-openssl-Ov0D3Su7/I/qt0dzr+a...@public.gmane.org> writes:
[...]
As explained above, 192 bit DSA and ECDSA only works with 192 bit
hashes (and only one hash algorithm is allowed for each private/public
key pair).
You can use larger digests (SHA-512, for example), but the digest will
be truncated before processing with ECDSA (or DSA). (This behaviour is
specified in the relevant standard.)
I did mention that in passing under my item 2 (where I mentioned use of
192-bit-truncated-SHA-224 as one allowed 192 bit hash algorithm for use
with ECDSA-192). I don't remember if the current FIPS-180 actually allows
truncating to (below) the size of the next smaller standard SHA-2 variant,
though there may be a special case allowing 160-bit-truncated-SHA-224
for use in former SHA-1 applications.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
